Add view permission for the smart settings app. It is no longer required to be a super admin or staff user to see the setting values.

mayan/apps/permissions/tests/__init__.py

@@ -0,0 +1 @@
+from .literals import *  # NOQA

mayan/apps/permissions/tests/literals.py

@@ -0,0 +1,3 @@
+from __future__ import unicode_literals
+
+TEST_ROLE = 'test role'

mayan/apps/permissions/tests/test_models.py

@@ -9,12 +9,14 @@ from ..classes import Permission
 from ..models import Role
 from ..permissions import permission_role_view
 
+from .literals import TEST_ROLE
+
 
 class PermissionTestCase(TestCase):
     def setUp(self):
         self.user = get_user_model().objects.create(username='test user')
         self.group = Group.objects.create(name='test group')
-        self.role = Role.objects.create(label='test role')
+        self.role = Role.objects.create(label=TEST_ROLE)
         Permission.invalidate_cache()
 
     def tearDown(self):

mayan/apps/smart_settings/links.py

@@ -4,16 +4,13 @@ from django.utils.translation import ugettext_lazy as _
 
 from navigation import Link
 
-
-def is_superuser(context):
-    return context['request'].user.is_staff or context['request'].user.is_superuser
-
+from .permissions import permission_settings_view
 
 link_namespace_list = Link(
-    condition=is_superuser, icon='fa fa-sliders', text=_('Settings'),
-    view='settings:namespace_list'
+    icon='fa fa-sliders', permissions=(permission_settings_view,),
+    text=_('Settings'), view='settings:namespace_list'
 )
 link_namespace_detail = Link(
-    condition=is_superuser, text=_('Settings'),
+    permissions=(permission_settings_view,), text=_('Settings'),
     view='settings:namespace_detail', args='resolved_object.name'
 )

mayan/apps/smart_settings/permissions.py

@@ -0,0 +1,11 @@
+from __future__ import absolute_import, unicode_literals
+
+from django.utils.translation import ugettext_lazy as _
+
+from permissions import PermissionNamespace
+
+namespace = PermissionNamespace('smart_settings', _('Smart settings'))
+
+permission_settings_view = namespace.add_permission(
+    name='permission_settings_view', label=_('View settings')
+)

mayan/apps/smart_settings/tests/test_view_permissions.py

@@ -0,0 +1,63 @@
+from __future__ import absolute_import, unicode_literals
+
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Group
+from django.core.urlresolvers import reverse
+from django.test.client import Client
+from django.test import TestCase
+
+from permissions.classes import Permission
+from permissions.models import Role
+from permissions.tests import TEST_ROLE
+
+from ..permissions import permission_settings_view
+
+TEST_EMAIL = 'test_user@example.com'
+TEST_GROUP = 'test group'
+TEST_PASSWORD = 'testuserpassword'
+TEST_USERNAME = 'test_user'
+
+
+class SmartSettingViewPermissionsTestCase(TestCase):
+    def setUp(self):
+        self.user = get_user_model().objects.create_user(
+            username=TEST_USERNAME, email=TEST_EMAIL,
+            password=TEST_PASSWORD
+        )
+        self.group = Group.objects.create(name=TEST_GROUP)
+        self.role = Role.objects.create(label=TEST_ROLE)
+
+        self.group.user_set.add(self.user)
+        self.role.groups.add(self.group)
+
+        Permission.invalidate_cache()
+
+        self.client = Client()
+        self.client.login(
+            username=TEST_USERNAME, password=TEST_PASSWORD
+        )
+
+    def tearDown(self):
+        self.group.delete()
+        self.role.delete()
+        self.user.delete()
+
+    def test_view_access_denied(self):
+        response = self.client.get(reverse('settings:namespace_list'))
+        self.assertEqual(response.status_code, 403)
+
+        response = self.client.get(
+            reverse('settings:namespace_detail', args=('common',),)
+        )
+        self.assertEqual(response.status_code, 403)
+
+    def test_view_access_permitted(self):
+        self.role.permissions.add(permission_settings_view.stored_permission)
+
+        response = self.client.get(reverse('settings:namespace_list'))
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.get(
+            reverse('settings:namespace_detail', args=('common',),)
+        )
+        self.assertEqual(response.status_code, 200)

mayan/apps/smart_settings/views.py

@@ -6,6 +6,7 @@ from django.utils.translation import ugettext_lazy as _
 from common.views import SingleObjectListView
 
 from .classes import Namespace
+from .permissions import permission_settings_view
 
 
 class NamespaceListView(SingleObjectListView):
@@ -13,12 +14,15 @@ class NamespaceListView(SingleObjectListView):
         'hide_link': True,
         'title': _('Setting namespaces'),
     }
+    view_permission = permission_settings_view
 
     def get_queryset(self):
         return Namespace.get_all()
 
 
 class NamespaceDetailView(SingleObjectListView):
+    view_permission = permission_settings_view
+
     def get_extra_context(self):
         return {
             'hide_object': True,
@@ -29,7 +33,9 @@ class NamespaceDetailView(SingleObjectListView):
         try:
             return Namespace.get(self.kwargs['namespace_name'])
         except KeyError:
-            raise Http404(_('Namespace: %s, not found') % self.kwargs['namespace_name'])
+            raise Http404(
+                _('Namespace: %s, not found') % self.kwargs['namespace_name']
+            )
 
     def get_queryset(self):
         return self.get_namespace().settings